Amazon Linux 2022 Security Advisory: ALAS-2022-027
Advisory Release Date: 2022-02-16 00:52 Pacific
Advisory Updated Date: 2022-02-16 19:14 Pacific
Severity:
Medium
Issue Overview:
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). (CVE-2021-45931)
Affected Packages:
harfbuzz
Issue Correction:
Run dnf update --releasever=2022.0.20220215 harfbuzz to update your system.
New Packages:
aarch64:
harfbuzz-debuginfo-2.9.1-1.amzn2022.aarch64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2022.aarch64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2022.aarch64
harfbuzz-icu-2.9.1-1.amzn2022.aarch64
harfbuzz-2.9.1-1.amzn2022.aarch64
harfbuzz-devel-2.9.1-1.amzn2022.aarch64
harfbuzz-debugsource-2.9.1-1.amzn2022.aarch64
src:
harfbuzz-2.9.1-1.amzn2022.src
x86_64:
harfbuzz-debuginfo-2.9.1-1.amzn2022.x86_64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2022.x86_64
harfbuzz-icu-2.9.1-1.amzn2022.x86_64
harfbuzz-2.9.1-1.amzn2022.x86_64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2022.x86_64
harfbuzz-devel-2.9.1-1.amzn2022.x86_64
harfbuzz-debugsource-2.9.1-1.amzn2022.x86_64